krb5 commit [krb5-1.22]: Fix IAKERB realm discovery state machine logic
ghudson at mit.edu
ghudson at mit.edu
Tue Jan 27 23:49:16 EST 2026
https://github.com/krb5/krb5/commit/905790f6fd66de8a2e05abfdb886a1ca66dfffab
commit 905790f6fd66de8a2e05abfdb886a1ca66dfffab
Author: Andreas Schneider <asn at cryptomilk.org>
Date: Fri Jan 23 16:32:57 2026 +0100
Fix IAKERB realm discovery state machine logic
In iakerb_initiator_step(), when realm discovery completes, set the
state to IAKERB_AS_REQ so we don't repeat the overwrite of
cred->name->princ->realm on the next token.
(cherry picked from commit 5de16db5935c5a23f5548de1004cb4d7896c716b)
ticket: 9194
version_fixed: 1.22.2
src/lib/gssapi/krb5/iakerb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 90a9bce11..7cc4710e2 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -631,6 +631,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
cred->name->princ->realm = server_realm;
server_realm = empty_data();
+ ctx->state = IAKERB_AS_REQ;
/* Done with realm discovery; fall through to AS request. */
case IAKERB_AS_REQ:
if (ctx->icc == NULL) {
More information about the cvs-krb5
mailing list